A method, system and computer program product for controlling an access to a data resource are disclosed. According to an embodiment, a method for controlling an access to a data resource comprises: communicating a request for the access to the data resource from a requester to an owner of the data resource for validation, the communicating being implemented by a network server; and generating information required by an access implementation server to implement a validated access and updating a data storage device with the generated information.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method, comprising: in response to an individual access request from an access requestor, comprising a user identification of the access requestor for which the individual access is requested and an identification of an access implementation server used by the access requestor for the requested individual access, to an owner of a data resource with access to the data resource controlled by an access management database, receiving from the owner of the data resource a validation of access authorizing the access requestor to access the data resource via the access implementation server; generating, via an access control computing device, access information required to implement a validated access by the access requestor via the access implementation server using a client machine selected by the access requestor in response to receiving the validation of access, where the access information comprises the identification of the access requestor and an identification of the selected client machine used by the access requestor to access the data resource; and updating, via the access control computing device, the access management database with the generated access information in response to generation of the access information.
A method for controlling access to a data resource, where access is controlled by an access management database, involves these steps: when a user (the access requestor) requests access, the request, which includes the user's ID and the access implementation server they are using, goes to the owner of the data resource; the owner's approval (validation) is received, confirming the user can access the resource through that server; access information needed to implement the validated access is generated, comprising the user's ID and the ID of the client machine the user selected; and the access management database is updated with this generated access information to record the validated access.
2. The method of claim 1, further comprising copying the access information to the access implementation server used by the access requestor for the requested individual access to the data resource.
The method described in Claim 1, which controls access to a data resource by sending access requests to the owner, validating access, generating access information, and updating a database, further includes copying the generated access information to the specific access implementation server that the user is using to access the data resource. This ensures the access implementation server has the necessary information to authorize the user's access.
3. The method of claim 1, further comprising: monitoring access to the data resource; and revoking access to the data resource by the access requestor and the selected client machine if identification information provided by the access requestor and the selected client machine conflicts with the identification of the access requestor and the identification of the selected client machine of the access information.
The method described in Claim 1, which controls access to a data resource by sending access requests to the owner, validating access, generating access information, and updating a database, further includes monitoring attempts to access the data resource. If the identifying information provided by the user or their client machine doesn't match the access information stored (user ID, client machine ID), then the access is revoked for both the user and the specific client machine they are using, thereby preventing unauthorized access.
4. The method of claim 1, where the owner of the data resource comprises a first entity having authority to generate the validation of access and a second entity having authority to generate the validation of access, the second entity having a higher level of authority than the first entity.
The method described in Claim 1, which controls access to a data resource by sending access requests to the owner, validating access, generating access information, and updating a database, specifies that the "owner" who can validate access can be multiple entities. There's a first entity that can grant validation, and a second entity with a higher authority level that can also grant validation. This allows for a hierarchy of permissions when controlling access to the resource.
5. The method of claim 1, where the validation of access expires after a preset period, the method further comprising reminding the owner of the data resource of a need for revalidation.
The method described in Claim 1, which controls access to a data resource by sending access requests to the owner, validating access, generating access information, and updating a database, includes an expiration period for the access validation. The method includes reminding the owner of the data resource that the validation is expiring and needs to be revalidated, ensuring access rights are regularly reviewed and updated.
6. The method of claim 5, further comprising changing the access information in response to the owner of the data resource changing the validation of access during the preset period.
The method described in Claim 5, which controls access to a data resource with expiring validations and owner reminders, also enables the owner to change the validation of access *before* it expires. If the owner changes the validation, the system updates the access information accordingly, reflecting the owner's updated permissions in real-time.
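The flow of claims 1, 3 and 5 can be modelled in a few lines. This Python sketch is an added example, not code from the patent or this page; every name in it (AccessManagementDB, check, VALIDITY, the 90-day period, the sample IDs) is an assumption, as is the choice to deny when the access implementation server does not match.

```python
from dataclasses import dataclass

VALIDITY = 90 * 86400  # assumed preset period in seconds; the claims give no value

@dataclass
class AccessInfo:
    user_id: str
    client_id: str
    server_id: str
    expires_at: float
    revoked: bool = False

class AccessManagementDB:
    """Hypothetical stand-in for the access management database."""
    def __init__(self, owners):
        self.owners = set(owners)   # entities with authority to validate
        self.pending = {}           # (user_id, server_id) -> client_id
        self.records = []           # generated AccessInfo entries

    def request(self, user_id, server_id, client_id):
        self.pending[(user_id, server_id)] = client_id

    def validate(self, owner, user_id, server_id, now):
        if owner not in self.owners:
            raise PermissionError("validation must come from an owner")
        client_id = self.pending.pop((user_id, server_id))
        info = AccessInfo(user_id, client_id, server_id, now + VALIDITY)
        self.records.append(info)   # update the database with the new info
        return info

    def check(self, user_id, client_id, server_id, now):
        """Monitor one access attempt: 'allow', 'deny' or 'revoked'."""
        for info in self.records:
            same_user = info.user_id == user_id
            same_client = info.client_id == client_id
            if not (same_user or same_client) or info.server_id != server_id:
                continue
            if info.revoked or now >= info.expires_at:
                return "deny"       # revoked earlier, or needs revalidation
            if same_user and same_client:
                return "allow"
            info.revoked = True     # identities conflict with the stored pair
            return "revoked"
        return "deny"               # no validated access on record

def demo():
    db = AccessManagementDB(owners={"owner-1"})   # constructed sample data
    db.request("alice", "srv-a", "laptop-7")
    db.validate("owner-1", "alice", "srv-a", now=0)
    return [db.check("alice", c, "srv-a", now=t)
            for c, t in (("laptop-7", 10), ("kiosk-2", 20), ("laptop-7", 30))]
```

Once a mismatched pair triggers revocation, even the originally validated pair is denied until the owner validates again.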
7. A system, comprising: a memory; and a processor, programmed to: in response to an individual access request from an access requestor, comprising a user identification of the access requestor for which the individual access is requested and an identification of an access implementation server used by the access requestor for the requested individual access, to an owner of a data resource with access to the data resource controlled by an access management database, receive from the owner of the data resource a validation of access authorizing the access requestor to access the data resource via the access implementation server; generate access information required to implement a validated access by the access requestor via the access implementation server using a client machine selected by the access requestor in response to receiving the validation of access, where the access information comprises the identification of the access requestor and an identification of the selected client machine used by the access requestor to access the data resource; and update the access management database with the generated access information in response to generation of the access information.
A system for controlling access to a data resource has a memory and a processor programmed to perform these actions: Upon receiving an access request from a user (access requestor), including their ID and the access implementation server they're using, send the request to the owner of the data resource. The data resource access is managed by an access management database. Receive validation from the owner, confirming the user can access the resource through that server. Generate access information needed by the access implementation server. This access information includes the user's ID and the ID of the client machine they're using. Update the access management database with this generated access information.
8. The system of claim 7, where the processor is further programmed to copy the access information to the access implementation server used by the access requestor for the requested individual access to the data resource.
The system described in Claim 7, which controls access to a data resource by sending access requests to the owner, validating access, generating access information, and updating a database, further includes the processor being programmed to copy the generated access information to the specific access implementation server used by the user requesting access. This ensures the access implementation server has the necessary information for authorization.
9. The system of claim 7, where the processor is further programmed to: monitor access to the data resource; and revoke access to the data resource by the access requestor and the selected client machine if identification information provided by the access requestor and the selected client machine conflicts with the identification of the access requestor and the identification of the selected client machine of the access information.
The system described in Claim 7, which controls access to a data resource by sending access requests to the owner, validating access, generating access information, and updating a database, further includes the processor being programmed to monitor access attempts to the data resource. If the identifying information from the user or client machine conflicts with the stored access information (user ID, client machine ID), then access is revoked for both the user and the client machine.
10. The system of claim 7, where the owner of the data resource comprises a first entity having authority to generate the validation of access and a second entity having authority to generate the validation of access, the second entity having a higher level of authority than the first entity.
The system described in Claim 7, which controls access to a data resource by sending access requests to the owner, validating access, generating access information, and updating a database, specifies that the "owner" who can validate access can be multiple entities. The processor is programmed to allow a first entity and a second entity (with higher authority) to generate the validation of access.
11. The system of claim 7, where the validation of access expires after a preset period, and the processor is further programmed to remind the owner of the data resource of a need for revalidation.
The system described in Claim 7, which controls access to a data resource by sending access requests to the owner, validating access, generating access information, and updating a database, includes an expiration period for access validations. The processor is further programmed to remind the data resource owner that revalidation is needed.
12. The system of claim 11, where the processor is further programmed to change the access information in response to the owner of the data resource changing the validation of access during the preset period.
The system described in Claim 11, which controls access to a data resource with expiring validations and owner reminders, includes the processor being programmed to update the access information if the owner changes the validation of access before it expires. This ensures the system reflects the most current access permissions.
13. A computer program product comprising a computer readable storage device including computer usable program code which, when executed by a computer system, enables the computer system to: in response to an individual access request from an access requestor, comprising a user identification of the access requestor for which the individual access is requested and an identification of an access implementation server used by the access requestor for the requested individual access, to an owner of a data resource with access to the data resource controlled by an access management database, receive from the owner of the data resource a validation of access authorizing the access requestor to access the data resource via the access implementation server; generate access information required to implement a validated access by the access requestor via the access implementation server using a client machine selected by the access requestor in response to receiving the validation of access, where the access information comprises the identification of the access requestor and an identification of the selected client machine used by the access requestor to access the data resource; and update the access management database with the generated access information in response to generation of the access information.
A computer program product resides on a storage device and, when executed, enables a computer to control access to a data resource. The program functions as follows: When a user (access requestor) requests access with their ID and access implementation server info, the request is sent to the owner of the data resource, managed by an access database. Upon validation from the owner, confirming access, the program generates access information including the user's ID and client machine ID needed by the access implementation server and updates the access database with this information.
14. The computer program product of claim 13, wherein the program code is further configured to: monitor access to the data resource; and revoke access to the data resource by the access requestor and the selected client machine if identification information provided by the access requestor and the selected client machine conflicts with the identification of the access requestor and the identification of the selected client machine of the access information.
The computer program product described in Claim 13, which controls access to a data resource by sending access requests to the owner, validating access, generating access information, and updating a database, is further configured to monitor attempts to access the data resource. If user or client machine ID conflicts with the stored access information (user ID, client machine ID), then access is revoked for both the user and the client machine, preventing unauthorized access.
15. The computer program product of claim 13, where the owner of the data resource comprises a first entity having authority to generate the validation of access and a second entity having authority to generate the validation of access, the second entity having a higher level of authority than the first entity.
The computer program product described in Claim 13, which controls access to a data resource by sending access requests to the owner, validating access, generating access information, and updating a database, specifies that the “owner” capable of granting access validations includes a first entity and a second entity with higher authority.
16. The computer program product of claim 13, where the validation of access expires after a preset period, the program code being configured to remind the owner of the data resource of a need for revalidation.
The computer program product described in Claim 13, which controls access to a data resource by sending access requests to the owner, validating access, generating access information, and updating a database, allows access validations to expire after a set duration. The program is configured to remind the data resource owner to revalidate access before it expires, thereby maintaining security.
February 20, 2007
July 9, 2013